Advancing Robust IT Security and Privacy Programs

As cybercriminals’ attacks continue to evolve, so too must the University’s approach to protecting University and personal data. Information is a critical asset, and how it is managed, stored, and protected has a significant impact on the delivery of University-wide services. Working with University leadership and technology partners across campus, Northwestern IT is leading efforts to advance robust IT security and privacy programs.

Through partnership with the schools and units and continued investment in capabilities and capacity within the Information Security Office, Northwestern is well-positioned to strengthen our security environment and programs. Included below is an update on some of the key initiatives, specifically those directly affecting students, faculty, and staff.

Defined Security and Privacy Frameworks—Acting on recent information technology risk assessments and changing regulatory requirements, Northwestern IT is engaged with University schools, units, and collaboration partners to implement security and privacy programs that update and enact policies and guidelines aligned with fast-evolving threats and regulatory requirements. The framework centers around six focus areas—streamlined policies, more detailed guidelines, data classification, common control requirements, security and privacy maturity monitoring and reporting, and new supporting data and technology solutions. In the coming year, students, faculty, and staff will have opportunities to offer input on revised information security and privacy guidelines and standards. The result will consolidate the number of policies and guidelines while strengthening our security and privacy capabilities across the University, including research and health care fields.   

Multi-Factor Authentication (MFA) for All—Northwestern IT is working toward integrating MFA into all University applications. An extra layer of security, MFA prevents unauthorized access to University and personal information if a NetID and password are compromised. Faculty and staff now authenticate with MFA on Microsoft 365 applications—including Outlook email—and we are working with technology partners to add this vital protection to other high-use applications, including myHR Learn, Smartsheet, the undergraduate research grants and programs system, Qualtrics, Tableau, and more. As more applications become protected, Northwestern IT is actively seeking ways to simplify the process to minimize the need for multiple MFA authentications. Learn more about MFA, including the various notification types and how to manage your registered devices.

Enhanced Phishing Resources—Phishing continues to be the most prominent cyberattack. These malicious attempts come in a variety of forms, most recently the tax scam targeting .edu addresses. While the University’s Email Defense System blocks the vast majority of attacks—last fiscal year alone, 807.5M fraudulent emails were blocked—some get through. In these cases, it is important to understand what to look for and how to report instances of phishing. The newly redesigned Recognizing Phishing Attempts web page includes education on recent attempts, describes the various phishing forms, offers best practices for avoiding scams, and details steps to report malicious messages to the Information Security Office. Remember, it takes all of us to keep University and personal data secure. For more information on security best practices, visit the Secure Northwestern web page.  

Changes to Endpoint Security Solution—Effective June 30, 2021, Northwestern will no longer contract with Symantec for antivirus software. Northwestern is transitioning to CrowdStrike Falcon for all University-owned systems. Anyone looking for antivirus solutions available for “home use” can review our recommendations on the Northwestern IT site.